Claims 



5 1. A process for executing a downloadable service with specific access rights to at 
least one profile file in a user's computer^ said computer comprising a web browser 
communication to the internet or intranet via a first communication port and socket, 
said process being characterized in that it involves the steps of: 

10 - arranging a confined oiri^time environment (11) which is assigned a second 
communication port and socket and providing restricted access to at least one 
profile file: 

- downloading said sen^ice through said second communication port so that it is 
received by said confined run time environment (11); and 

15 - executing said sennce within said confined mn time environment' whereby said 
service is given an access to said at least one profile file in a secure environment, 

■■ 

2. The process according ib daim 1 characterized in that said confined run time 
environment is an extended sandbox having restrictive access to said at least one 

20 profile file. 

3. The process according to claim 2 characterized in that the service is downloaded 
under the form of a set of Java code containing classes structure packaged within a 
signed archive file. Three parts compose the service: remote Internet data, a list of 

25 requested data that are needed to personalise the service, and code to sort remote 
Internet data using request^ accessible data. 

•ic-'i' 

4. The process according tp claim 2 characterized in that it further involves the step 

of: ^ 

30 

* downloading a signed archive file which is received via said second 
communication port; 

- checking the signature of the archive file and, if corrupted, discarding said archiv 
file; and 
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- selecting one particular secure class loader corresponding to said signature for the 
purpose of creating additional security Java classes allowing the restricted access to 
said at least one profile file. : 

5 5. The process according to clainn 4 characterized In that said secure class loader 
further Includes restricted access to sonne specific sections of said at least one 
profile files. 

6. A process for receiving a signed archive file containing dass structures 
10 representative of at least one service to be downloaded to and executed on a client 

computer characterized ii^ that said at least one sennce is associated with a 
conresponding set of access rights to some profile files and the process further 
Inv^ves the steps of: 

15 - receiving said archive file; " 

- validating said archive file with said signature; 

- selecting one secure class loader associated with said signature, said class loader 
being representative of the set of access rights associated to said service; 

- generating said classes In accordance with the secure class loader being selected 
20 for the purpose of generating a compiled code; and 

- executing said compiled cbkie. 

7. A process for generating compiled executable code in a client machine, 
comprising the steps ot 

25 

- receiving a signed archive file containing classes of a service to be executed on 
said local machine; 

- checking and validating the signature associated to said archive file; 

- associating said signature to one predetermined secure dass loader for the 
30 purpose of defining a predetemiined java security policy and assigning access rights 

to at least one profile file; t 

- invoking generating said access control classes in addition to the classes of said 
service; and 

- generating compiled cod and executing said compiled code. 
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8. The process according to claim 1 wherein said at least on profile is arranged in a 
hierarchical manner with a technical section comprising data representative of the 
user's machine configuratiort; user's comportments, habits and preferences. 

5 > 

9. The process according to claim 8 wherein said technical section is automatically 
filled with data extracted from Infomnation available at the Basic Input Output 
System (BIOS) level and profile building tools. 

10 10. The process according to claim 8 wherein said technical section is automatically 
filled by means of interrogatiing standardised systems management Interfaces 
present in the client computer. 

■> 

11. Tlie process according to claim 8 wherein said technical section is autornatically 
15 filled by means of Interrogation via the Distributed Management Inteirface (DMI) or 

Window Management Internee (WMI). 

12. The process according to claim 1 wherein said downloadable service is an 
authentication service cooperating with a master card, 

20 

13. A transaction aid for assisting a transaction between an user and at least one 
remote server (3, 4), said transaction aid comprising program code elements for 
carrying out a process as c|aimed in any preceding claim, 

25 14. A transaction aid as claimed in claim 11 in the form of a personal computer, the 
program code elements being implemented as a downloadable service having 
access to said at least one profile file. 

15. A transaction aid computer program product having program code elements for 
30 carrying out a process as claimed In any of claims 1 to 9. 
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